Wired: How a Shady Chinese Firm’s Encryption Chips Got Inside the US Navy, NATO, and NASA

Posted by apricorn.com on Jul 20th 2023

In Response to Wired: How a Shady Chinese Firm’s Encryption Chips
Got Inside the US Navy, NATO, and NASA

It’s important to remember that the scenarios suggested in this article are speculative and theoretical.
In more than 17 years of making over 2.5 million secure, encrypted external storage devices, there has not been a single report of a successful attack or a proven vulnerability involving Apricorn’s encrypted USB storage products.

Not one.

Apricorn regards every component source with an absolute zero-trust approach, regardless of where a chip originates. We assume no component to be secure on its own, and we design our products to mitigate any and all vulnerabilities that could be introduced into our final product.
As such, we:
  • Fully test and evaluate each component to ensure we select the most reliable and secure components available.
  • Invest significant time, resources and budget in contracting third-party penetration testers to look for any potential vulnerabilities
    in each and every one of our products on an ongoing basis. While none have been discovered to date, we continue this testing.
  • Ensure that our designs attain FIPS validations from NIST for globally accepted security standards. Our track record, design process,
    and commitment to data security proves that Apricorn produces the most secure external storage devices in the industry.
 
Apricorn is also committed to adhering to the sanctions put in place by the US government, and are in full compliance with all relevant
government requirements. The components used within Apricorn devices, and the design of our devices, are proprietary intellectual property
that we don’t share with customers. This is not just a matter of intellectual property, but also a matter of increased security for our devices
and our design, as well as assurances for our customers and their data.
 
Apricorn is committed to security and remains confident that none of our customers are being, nor will be affected by the proposed
vulnerability discussed in the article. To illustrate this, consider the following security features built into every Apricorn device:
  • Software-free and hardware-encrypted, meaning 100% of device authentication and encryption processes take place within the
    device itself; there is no involvement with the host computer whatsoever.
  • Protects data at rest and will not communicate with any host computer in any fashion until the device is physically unlocked by way of its
    numeric keypad; there is NO cyber pathway to unlocking / authenticating an Apricorn device. Nefarious actors would have to take physical
    possession of a device in order to attempt any type of attack.  
  • Has a programmable brute force mode , which allows only 20 passcode attempts before the decryption key self-destructs.
 
If you have further questions about the article in question, or how Apricorn ensures its products are not vulnerable to the types of
theoretical attacks described in the article, please reach out to sales@apricorn.com